Optimized security for virtual environments

An unmatched combination of protection and ‘virtualization-aware’ technologies

Kaspersky Security for Virtualization Light Agent combines Kaspersky Lab’s most advanced anti-malware and network protection technologies in a solution that’s been specifically developed for virtual environments. While traditional security products require a full security agent to be installed on each VM (Virtual Machine), Kaspersky Security for Virtualization Light Agent only requires one dedicated SVM (Security Virtual Machine) to be installed on each virtual host. Each VM then only needs a very small software agent – or ‘Light Agent’.

Preserves the performance of virtual servers and desktops

Kaspersky Security for Virtualization | Light Agent protects your virtual environment – including virtual servers and VDI (Virtual Desktop Infrastructure) - with no significant impact on hypervisor performance. You can effectively protect your systems and sensitive corporate data, while maintaining high consolidation ratios and quality of service for your users.

Protection for Linux and Windows Servers

Kaspersky Security for Virtualization is the perfect solution for hybrid data centers, delivering advanced security capabilities to any virtual server regardless of the operating system running inside it. Kaspersky Security for Virtualization fully supports a huge number of Microsoft Windows Server and Linux Server operating systems, allowing you to build data centers as heterogeneous as your corporate IT strategy dictates, while we seamlessly deliver the right security options to each part of your IT landscape.

Reduces the load on your computing resources – so each host can do more

With its unique architecture, Kaspersky Security for Virtualization | Light Agent reduces the load on each virtual host, including the following resources:

Hypervisor I / O

CPU

Memory

Storage

Eliminates anti-malware ‘storms’

With only one SVM updating on each virtual host, Kaspersky Security for Virtualization | Light Agent helps to eliminate anti-malware 'Update Storms' and 'Scanning Storms'. Peaks in resource consumption are also avoided through intelligent scan task orchestration. The SVM automatically creates On-Demand Scanning queues, redistributing scan tasks over time in response to the current hypervisor load. The SVM’s ability to prioritize tasks intelligently also solves the problem of the ‘noisy neighbor’ - On-Access scan tasks are always prioritized over On-Demand to minimize the impact of individual VM scans on the responsiveness of neighboring VMs.

Kaspersky Security for Virtualization | Light Agent offers a choice of ‘per VM or ‘per core’ licensing – so you can choose the option that’s most cost-effective for your business. For large Data Centers and IaaS (Infrastructure as a Service) providers, the number of VMs will continually fluctuate – so ‘per core’ licensing can offer big benefits.

Supports the rapid provisioning of VDI machines

Kaspersky Security for Virtualization | Light Agent fully supports linked and full cloning. Thanks to the pre-installed lightweight agent, provisioning a new VM just involves cloning a template. After cloning is complete, the new machine will be automatically protected by the SVM. This simplifies VDI management, eliminating the need to update security products on the VDI image.

Anti-Ransomware for your VDI

System Watcher technology built into Kaspersky Security for Virtualization | Light Agent monitors the behavior of applications running inside each virtual desktop. If any form of suspicious behavior, such as cryptor or locker activity, is detected, the activity is blocked and any malicious changes are automatically rolled back, so your critical data remains secure. Your VDI users won’t even be aware that anything’s happened.

Automatic Exploit Prevention (AEP)

AEP specifically monitors the most frequently targeted applications in VDI environments – including Adobe Reader, Internet Explorer, Microsoft Office, Java and many more – delivering an extra layer of security monitoring and protection against unknown threats.

Flexible control tools for VDI

Award-winning endpoint controls – including Application Control, Web Control and Device Control – add a further layer of protection against malware, making it easy to apply corporate security policies right across your virtual and physical infrastructure.

Application Control

Flexible Application Control tools let you dictate which applications are allowed to launch on which VMs. This prevents unnecessary exposure to risk and wasted resources due to running superfluous software.

You can choose to operate a Default Allow policy, allowing all applications not on your blacklist to run, or a Default Deny policy that blocks all programs not on your whitelist of safe applications.

Kaspersky’s Application Control also includes:

Application Startup Control – monitoring and controlling each user’s attempts to launch applications

Application Privilege Control – registering applications and regulating their activity according to the rules you’ve set. These rules can control whether an application is allowed to access operating system resources and the user’s personal data.

Web Control

Web Control lets you manage Internet usage, blocking VM access to social networks, music, video, non-corporate web email and websites containing inappropriate content. Different control policies can be set for different job roles, and total blocks, or blocking during specific periods of the working day, can be applied.

Device Control

As users can connect to their VDI machine from anywhere, using any device, it’s important to make sure the VM is not exposed to extra threats introduced through insecure USB devices. This technology allows you to specify which removable devices are granted access to individual VMs. It’s easy to apply control policies to a range of devices, including removable drives, printers and non-corporate network connections. For VMware installations, this technology complements and enhances existing Horizon USB Redirection capabilities.

Silent Mode for even lighter-weight protection

The Kaspersky Security for Virtualization Light Agent user interface can now be disabled (by offloading it) on any VM. This can be of benefit with, for example, desktop virtualization on Windows Server OS when Remote Desktop or Terminal Services are enabled, or for application virtualization based on Citrix XenApp.

Security for Virtual Networks Across your Entire Infrastructure

Multi-layered protection for your network

Kaspersky Security for Virtualization | Light Agent protects against external and internal network attacks – including threats that may be hidden in non-transparent virtual traffic. Every VM is protected by host-based network security which includes Kaspersky Lab’s HIPS, firewall and Network Attack Blocker technologies.

Host-based Intrusion Prevention System (HIPS) and personal firewall

HIPS – working together with Kaspersky Lab’s two-way firewall – controls both inbound and outbound traffic on your network. Flexible tools let you control security according to a wide choice of parameters, including settings for an individual port, individual IP addresses or a specific application’s network activity.

Network Attack Blocker

Kaspersky’s Network Attack Blocker technology monitors hypervisor network traffic and checks for the presence of any activity which could indicate or presage a network attack. On detection, the network attack is automatically blocked.

Improved protection versus perimeter-based appliances

Kaspersky’s virtual machine-based security delivers protection which sits much closer to the virtual workload to be secured than is possible with perimeter-based security appliances. This approach is particularly effective in securing non-transparent virtualization traffic against internal network infections, such as the Conficker Worm.

A Finely Balanced Combination of Security Technologies

Eliminating unnecessary scans

Virtual environments – especially VDI – often include many similar VMs each accessing identical files, so some security products waste time and resources running multiple scans of the same file. Kaspersky’s Shared Cache feature effectively shares the results of file scans, helping to minimize the overall load on your IT infrastructure.

Shared Cache

Whenever a file is accessed on a VM, Kaspersky Security for Virtualization | Light Agent will scan the file to ensure it’s safe, then store the verdict in the Shared Cache. If the same file is accessed on another VM on the same virtual host, Kaspersky Security for Virtualization | Light Agent automatically knows it’s unnecessary to perform a further scan. The file will only be scanned again if it has changed, or if the user manually requests a scan.

Local Cache

A further enhancement to cache-based methods of file-scanning optimization. Stored locally within the operating memory of a protected VM, this cache eliminates unnecessary network usage – no need to check the Shared Cache on the SVM if there is a valid verdict in the Local Cache.

Redundancy for SVMs (Security Virtual Machines)

The solution architecture is constructed so that SVMs can back one other up, eliminating single-points-of-failure in infrastructures of any size. In the event of significant changes in virtualized infrastructure, the Light Agent on the VM can reconnect to a neighboring SVM almost immediately. This ensures continuous real-time protection for the entire virtualized environment, regardless of changes at infrastructure level.

Autonomous operation

This feature allows the Light Agent to operate in autonomous mode for a short period. In this mode, technologies including Self Defense, Automatic Exploit Prevention and other behavioral defensive mechanisms continue to protect the VM. In addition, a local queue of files requiring anti-malware checking is created, ready for when normal operation is resumed. This approach ensures that every single file is inspected, regardless of circumstances.

System Watcher technology

Kaspersky’s System Watcher technology monitors the behavior of applications running on VMs. If System Watcher detects suspicious behavior, that activity will be blocked and any malicious changes automatically rolled back.

Self-defense for Light Agents

This built-in mechanism protects Kaspersky Security for Virtualization itself against malware that may try to modify or block its functions, delete any components (e.g. antivirus databases, quarantined files, trace files), terminate the application of its services or uninstall them. Self-Defense also prevents the modification or deletion of Kaspersky Security for Virtualization | Light Agent system registry keys inside the guest OS.

Built-in self-monitoring

The Security Virtual Machine (SVM) constantly and autonomously monitors its own operation, automatically restarting its scan server service if this is halted or disrupted for any reason. This ensures that the scanning engine is available and ready to handle anti-malware scans at all times.

Fast to configure and easy to manage

Parallel installation and deployment

SVMs can be deployed onto several virtualization hosts simultaneously. This dramatically decreases the time needed to get the security solution up and running within a virtualized infrastructure, regardless of size.

Multi-networking

The broader your infrastructure, the more network segments you have. From a networking perspective, some complexity of infrastructure and its topology is the norm. But regardless of complexity levels, you need full security protection in place and running efficiently, covering the entire network infrastructure. Kaspersky Security for Virtualization | Light Agent operates seamlessly in enterprise infrastructures running multiple logical networks on different hypervisor hosts and platforms.

Multicast: to use or not to use

Some companies allow the use of multicast transmission within their network infrastructures, allowing Light Agents to discover and connect to an SVM without any additional network configuration.

If your corporate IT policy prohibits the use of multicasts, Kaspersky Security for Virtualization | Light Agent can be configured in a more robust and direct way, using Unicast to discover the SVM. This technique also means that a static pool of SVMs for Light Agents can be defined.

Choose whichever option best suits your environment.

Easy to deploy and manage

After the dedicated SVM has been installed on the virtual host, Light Agents can easily be distributed onto every VM – either manually or according to an automatic routine set up by the administrator.

Different security settings can easily be applied to different VMs – so specific security functions can be excluded if they are not relevant to an individual VM or group of machines.

Exceptions or enforcement management

Kaspersky Security for Virtualization | Light Agent now offers a wider list of applications from different software vendors for use when specifying exceptions or configuring an enforced scanning policy.

One centralized management console for all physical, virtual and mobile devices